CVE-2023-23588 — Vulnetix

Try Vulnetix Request Demo

CVE-2023-23588 PUBLISHED CVSS 6.199999809265137 MEDIUM

A vulnerability has been identified in SIMATIC IPC1047 (All versions), SIMATIC IPC1047E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC647D (All versions), SIMATIC IPC647E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC847D (All versions), SIMATIC IPC847E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows). The Adaptec Maxview application on affected devices is using a non-unique TLS certificate across installations to protect the communication from the local browser to the local application. A local attacker may use this key to decrypt intercepted local traffic between the browser and the application and could perform a man-in-the-middle attack in order to modify data in transit.

EPSS 0.04% · 12.7th percentile

Risk Scores

CVSS v3.1

6.199999809265137

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C

EPSS Score

0.04%

12.7th percentile

Affected Products

Vendor	Product	Versions
siemens	simatic_ipc847d_firmware
Siemens	SIMATIC IPC847D	All versions
Siemens	SIMATIC IPC1047E	All versions with maxView Storage Manager < 4.09.00.25611 on Windows
Siemens	SIMATIC IPC647D	All versions
Siemens	SIMATIC IPC647E	All versions with maxView Storage Manager < 4.09.00.25611 on Windows
microchip	maxview_storage_manager	0, 0
Siemens	SIMATIC IPC1047	All versions
siemens	simatic_ipc1047_firmware
siemens	simatic_ipc647d_firmware
Siemens	SIMATIC IPC847E	All versions with maxView Storage Manager < 4.09.00.25611 on Windows

Timeline

Apr 11, 2023 CVE Published
Apr 11, 2023 EPSS Score
May 18, 2023 EPSS Score
Jun 24, 2023 EPSS Score
Aug 1, 2023 EPSS Score
Sep 7, 2023 EPSS Score
Oct 14, 2023 EPSS Score
Nov 20, 2023 EPSS Score
Dec 27, 2023 EPSS Score
Feb 2, 2024 EPSS Score
Mar 11, 2024 EPSS Score
Apr 17, 2024 EPSS Score

References

Open in Interactive Console →